From 2719f73b6813d11d13a9650cdd2ab8ec6e69385d Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sat, 9 Jul 2022 15:43:36 +0100 Subject: gentoo resync : 09.07.2022 --- net-firewall/Manifest.gz | Bin 4541 -> 4543 bytes net-firewall/firewalld/Manifest | 4 + net-firewall/firewalld/firewalld-1.1.2.ebuild | 212 ++++++++++++++++++++ net-firewall/firewalld/firewalld-1.2.0.ebuild | 212 ++++++++++++++++++++ net-firewall/iptables/Manifest | 2 +- net-firewall/iptables/iptables-1.8.8-r3.ebuild | 181 ----------------- net-firewall/iptables/iptables-1.8.8-r4.ebuild | 181 +++++++++++++++++ net-firewall/nufw/Manifest | 2 +- net-firewall/nufw/nufw-2.2.22-r4.ebuild | 2 +- net-firewall/psad/Manifest | 2 +- net-firewall/psad/psad-2.4.6-r1.ebuild | 90 +++++++++ net-firewall/psad/psad-2.4.6.ebuild | 93 --------- net-firewall/ufw/Manifest | 7 +- .../ufw/files/ufw-0.36.1-dont-check-iptables.patch | 50 +++++ net-firewall/ufw/files/ufw-0.36.1-move-path.patch | 124 ++++++++++++ net-firewall/ufw/files/ufw-0.36.1-shebang.patch | 15 ++ net-firewall/ufw/metadata.xml | 9 +- net-firewall/ufw/ufw-0.36.1.ebuild | 217 +++++++++++++++++++++ 18 files changed, 1116 insertions(+), 287 deletions(-) create mode 100644 net-firewall/firewalld/firewalld-1.1.2.ebuild create mode 100644 net-firewall/firewalld/firewalld-1.2.0.ebuild delete mode 100644 net-firewall/iptables/iptables-1.8.8-r3.ebuild create mode 100644 net-firewall/iptables/iptables-1.8.8-r4.ebuild create mode 100644 net-firewall/psad/psad-2.4.6-r1.ebuild delete mode 100644 net-firewall/psad/psad-2.4.6.ebuild create mode 100644 net-firewall/ufw/files/ufw-0.36.1-dont-check-iptables.patch create mode 100644 net-firewall/ufw/files/ufw-0.36.1-move-path.patch create mode 100644 net-firewall/ufw/files/ufw-0.36.1-shebang.patch create mode 100644 net-firewall/ufw/ufw-0.36.1.ebuild (limited to 'net-firewall') 
diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz
index 4633bf333976..6b37a55aa8b2 100644
Binary files a/net-firewall/Manifest.gz and b/net-firewall/Manifest.gz differ
diff --git a/net-firewall/firewalld/Manifest b/net-firewall/firewalld/Manifest
index 26ae594e0032..4ef0debdf829 100644
--- a/net-firewall/firewalld/Manifest
+++ b/net-firewall/firewalld/Manifest
@@ -1,5 +1,9 @@ AUX firewalld.init 250 BLAKE2B 1c0f690e24313037b801902aa772a9d1cb6889a05f142bc3d84602002ef053cd059b5193983f9fe6d89065a070a566a6a9ba8212a092435953ebed80ea7c7b40 SHA512 457cda01449f38563e98e1db937fe1c50745eab91797f52687e3ab9f5d94dd42d129740ae6669e99666a3f096d631dd3a44e66010b638b31b9c6ba798362403e AUX firewalld.service 581 BLAKE2B b4eb7549305da68bc53f913d5d0a3ff2595e8e482ed2a474ede645f33b8192e142cd1aa964c5c1dcf8a7c336c68d494ee13421ec7566312a4f89330c236cab9c SHA512 b81fb8414619b3661985cbac001a47c76d76b13eebe421919a838fa0396e6470a3109e0d20d88f423ff43b6e48c0537467125a85bf8939ef0ab6ded4d4829b03 DIST firewalld-1.1.1.tar.gz 1325362 BLAKE2B 0167d9bc1c76da420dfe8aa5e6bfdd743116fbe6959d5920b972fac09c72608c90b9d6b2bb4bd7bb01250cbab2bdbb30a017becf5d050f490f4f289661e4366a SHA512 ecf75c30be63d2285d0b915b26d20e679c2f45f121c37b8cecc236da02d21039c692d1fec72e6c29d2a7b6de570daad573c230deacaef7491a2fd39c35332479 +DIST firewalld-1.1.2.tar.gz 2099245 BLAKE2B ea1e73cf96908ca4981deb86d4c0fad75f36ef321a37bba6d789b3de90b1cbb818f1eda713f41567c2125265b2e19707d411e1b51ab35c6f1af8b6040528f150 SHA512 a82a57d77c2fb5e9758218516912057bfbfb5549b341bcaaa8d40f3c39b8af67a01ca146a3aa09495ca38b315fa09a5d3d32597c40de10ca2da370b81d5598b0 +DIST firewalld-1.2.0.tar.gz 2120379 BLAKE2B 8c09e9a5e08e9f4dc2b3bfeda35d9078bd464956a30d7fdb5700329755fc307f0664f6a20ff5e941026785f28940b1eeebe747e2b2b3eed150725e014d05f870 SHA512 739ef7e4b85f2f00656434f6b37fb8116b9a93595390667d212820bc30a3e3cfaf5a60be7b18ec1f72be720d35a76224f3ce28856a9ff72557b8a8ae8e83f0a8 EBUILD firewalld-1.1.1.ebuild 5166 BLAKE2B 40802a29a71d688686acdb223f493c0ca2b5552416b5ffb5dad7ca75d5a8af433df72a289a57fd527a97ae6d33173db2059241f4951f0bbdfaceaa8ad734ab20 SHA512 d65f3b8c9c2aedd4d9ee76fb28bcd77e9eebfa23e326b05225e94f84ce9b9b7c6a0491da3ca867ab3c49bbac244aa3a8622b281e3ccfae321889e27a58ab9dfd +EBUILD firewalld-1.1.2.ebuild 5223 BLAKE2B 
bc89930ffb3015b4702295d1e47ebfaf707a45e3b940d8c3fc2fc95b361a6e6fe29322bd13a22c2c1a741146a514a949ca595adc2b2d50766b99192135148d7c SHA512 09c8606220d3b779fae7f16d690b4f396ab7e75423e255a4b9985573c439cf51676c29d229365805e1eb19a13b62a7067c2eb663bab48dc47a97aead9600d44a +EBUILD firewalld-1.2.0.ebuild 5223 BLAKE2B bc89930ffb3015b4702295d1e47ebfaf707a45e3b940d8c3fc2fc95b361a6e6fe29322bd13a22c2c1a741146a514a949ca595adc2b2d50766b99192135148d7c SHA512 09c8606220d3b779fae7f16d690b4f396ab7e75423e255a4b9985573c439cf51676c29d229365805e1eb19a13b62a7067c2eb663bab48dc47a97aead9600d44a MISC metadata.xml 587 BLAKE2B f4a873c64f1760c1d28f09886573b638053e23bc2562674b4c21b81414c66271ff8c168d3a98f402bb0d2a3f8982b29cbd77817f0eac346f0774b51ed014113d SHA512 47bd8f14d0eeae00a59fc0507dd178f4420381a8ba197535936acba3aae0344614f003647636c0361c5cc0ef86d2653d7ca175cdeb2d5fdbc8869c3e633df6ba diff --git a/net-firewall/firewalld/firewalld-1.1.2.ebuild b/net-firewall/firewalld/firewalld-1.1.2.ebuild new file mode 100644 index 000000000000..a1e5b3069d0d --- /dev/null +++ b/net-firewall/firewalld/firewalld-1.1.2.ebuild 
@@ -0,0 +1,212 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{8..10} ) +inherit bash-completion-r1 gnome2-utils linux-info optfeature plocale python-single-r1 systemd xdg-utils + +DESCRIPTION="A firewall daemon with D-Bus interface providing a dynamic firewall" +HOMEPAGE="https://firewalld.org/" +SRC_URI="https://github.com/firewalld/firewalld/releases/download/v${PV}/${P}.tar.gz" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" +IUSE="gui +nftables +iptables test" +# Tests previously restricted for bug #650760 +RESTRICT="!test? ( test ) test? ( userpriv )" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +RDEPEND="${PYTHON_DEPS} + iptables? ( + net-firewall/iptables[ipv6(+)] + net-firewall/ebtables + net-firewall/ipset + nftables? ( net-firewall/nftables[xtables(+)] ) + ) + || ( >=sys-apps/openrc-0.11.5 sys-apps/systemd ) + $(python_gen_cond_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/pygobject:3[${PYTHON_USEDEP}] + gui? ( + x11-libs/gtk+:3 + dev-python/PyQt5[gui,widgets,${PYTHON_USEDEP}] + ) + nftables? ( >=net-firewall/nftables-0.9.4[python,json] ) + ')" +DEPEND="${RDEPEND} + dev-libs/glib:2" +BDEPEND="app-text/docbook-xml-dtd + >=dev-util/intltool-0.35 + sys-devel/gettext" + +# Testsuite's Makefile.am calls missing(!) +# ... but this seems to be consistent with the autoconf docs? 
+# Needs more investigation: https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/autom4te-Invocation.html +QA_AM_MAINTAINER_MODE=".*--run autom4te --language=autotest.*" + +PLOCALES="ar as ast bg bn_IN ca cs da de el en_GB en_US es et eu fa fi fr gl gu hi hr hu ia id it ja ka kn ko lt ml mr nl or pa pl pt pt_BR ru si sk sq sr sr@latin sv ta te tr uk zh_CN zh_TW" + +pkg_setup() { + # See bug #830132 for the huge list + # We can probably narrow it down a bit but it's rather fragile + local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER + ~NETFILTER_ADVANCED + ~NETFILTER_INGRESS + ~NF_NAT_MASQUERADE + ~NF_NAT_REDIRECT + ~NF_TABLES_INET + ~NF_TABLES_IPV4 + ~NF_TABLES_IPV6 + ~NF_CONNTRACK + ~NF_CONNTRACK_BROADCAST + ~NF_CONNTRACK_NETBIOS_NS + ~NF_CONNTRACK_TFTP + ~NF_CT_NETLINK + ~NF_CT_NETLINK_HELPER + ~NF_DEFRAG_IPV4 + ~NF_DEFRAG_IPV6 + ~NF_NAT + ~NF_NAT_TFTP + ~NF_REJECT_IPV4 + ~NF_REJECT_IPV6 + ~NF_SOCKET_IPV4 + ~NF_SOCKET_IPV6 + ~NF_TABLES + ~NF_TPROXY_IPV4 + ~NF_TPROXY_IPV6 + ~IP_NF_FILTER + ~IP_NF_IPTABLES + ~IP_NF_MANGLE + ~IP_NF_NAT + ~IP_NF_RAW + ~IP_NF_SECURITY + ~IP_NF_TARGET_MASQUERADE + ~IP_NF_TARGET_REJECT + ~IP6_NF_FILTER + ~IP6_NF_IPTABLES + ~IP6_NF_MANGLE + ~IP6_NF_NAT + ~IP6_NF_RAW + ~IP6_NF_SECURITY + ~IP6_NF_TARGET_MASQUERADE + ~IP6_NF_TARGET_REJECT + ~IP_SET + ~NETFILTER_CONNCOUNT + ~NETFILTER_NETLINK + ~NETFILTER_NETLINK_OSF + ~NETFILTER_NETLINK_QUEUE + ~NETFILTER_SYNPROXY + ~NETFILTER_XTABLES + ~NETFILTER_XT_CONNMARK + ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_STATE + ~NETFILTER_XT_NAT + ~NETFILTER_XT_TARGET_MASQUERADE + ~NFT_COMPAT + ~NFT_COUNTER + ~NFT_CT + ~NFT_FIB + ~NFT_FIB_INET + ~NFT_FIB_IPV4 + ~NFT_FIB_IPV6 + ~NFT_HASH + ~NFT_LIMIT + ~NFT_LOG + ~NFT_MASQ + ~NFT_NAT + ~NFT_OBJREF + ~NFT_QUEUE + ~NFT_QUOTA + ~NFT_REDIR + ~NFT_REJECT + ~NFT_REJECT_INET + ~NFT_REJECT_IPV4 + ~NFT_REJECT_IPV6 + ~NFT_SOCKET + ~NFT_SYNPROXY + ~NFT_TPROXY + ~NFT_TUNNEL + ~NFT_XFRM" 
+ + # kernel >= 4.19 has unified a NF_CONNTRACK module, bug #692944 + if kernel_is -lt 4 19; then + CONFIG_CHECK+=" ~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_IPV6" + fi + + # bug #831259 + if kernel_is -le 5 4 ; then + CONFIG_CHECK+=" ~NF_TABLES_SET" + fi + + linux-info_pkg_setup +} + +src_prepare() { + default + + plocale_find_changes "po" "" ".po" || die + plocale_get_locales | sed -e 's/ /\n/g' > po/LINGUAS +} + +src_configure() { + python_setup + + local myeconfargs=( + --enable-systemd + $(use_with iptables iptables "${EPREFIX}/sbin/iptables") + $(use_with iptables iptables_restore "${EPREFIX}/sbin/iptables-restore") + $(use_with iptables ip6tables "${EPREFIX}/sbin/ip6tables") + $(use_with iptables ip6tables_restore "${EPREFIX}/sbin/ip6tables-restore") + $(use_with iptables ebtables "${EPREFIX}/sbin/ebtables") + $(use_with iptables ebtables_restore "${EPREFIX}/sbin/ebtables-restore") + $(use_with iptables ipset "${EPREFIX}/usr/sbin/ipset") + --with-systemd-unitdir="$(systemd_get_systemunitdir)" + --with-bashcompletiondir="$(get_bashcompdir)" + ) + + econf "${myeconfargs[@]}" +} + +src_install() { + default + python_optimize + + # Get rid of junk + rm -rf "${D}/etc/sysconfig/" || die + + # For non-gui installs we need to remove GUI bits + if ! use gui; then + rm -rf "${D}/etc/xdg/autostart" || die + rm -f "${D}/usr/bin/firewall-applet" || die + rm -f "${D}/usr/bin/firewall-config" || die + rm -rf "${D}/usr/share/applications" || die + rm -rf "${D}/usr/share/icons" || die + fi + + newinitd "${FILESDIR}"/firewalld.init firewalld + + # Our version drops the/an obsolete 'conflicts' line with old iptables services + # bug #833506 + systemd_dounit "${FILESDIR}"/firewalld.service +} + +pkg_preinst() { + gnome2_schemas_savelist +} + +pkg_postinst() { + xdg_icon_cache_update + gnome2_schemas_update + + # bug #833569 + optfeature "changing zones with NetworkManager" gnome-extra/nm-applet +} + +pkg_postrm() { + xdg_icon_cache_update + gnome2_schemas_update +} 
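Review bot: Nothing in this ebuild forces at least one firewall backend: `REQUIRED_USE="${PYTHON_REQUIRED_USE}"` accepts USE="-iptables -nftables", and in that case every backend dependency in RDEPEND drops out and src_configure passes only `--without-*` switches for the iptables tools. As far as the visible lines go, that combination installs a firewall daemon that presumably has nothing to program rules with, so a host could come up with firewalld running and no filtering in place. I would extend the line to `REQUIRED_USE="${PYTHON_REQUIRED_USE} || ( iptables nftables )"`, or document next to IUSE why a backend-less build is intended. The firewalld-1.2.0.ebuild hunk that follows is identical and needs the same change.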
diff --git a/net-firewall/firewalld/firewalld-1.2.0.ebuild b/net-firewall/firewalld/firewalld-1.2.0.ebuild
new file mode 100644
index 000000000000..a1e5b3069d0d
--- /dev/null
+++ b/net-firewall/firewalld/firewalld-1.2.0.ebuild
@@ -0,0 +1,212 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{8..10} ) +inherit bash-completion-r1 gnome2-utils linux-info optfeature plocale python-single-r1 systemd xdg-utils + +DESCRIPTION="A firewall daemon with D-Bus interface providing a dynamic firewall" +HOMEPAGE="https://firewalld.org/" +SRC_URI="https://github.com/firewalld/firewalld/releases/download/v${PV}/${P}.tar.gz" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" +IUSE="gui +nftables +iptables test" +# Tests previously restricted for bug #650760 +RESTRICT="!test? ( test ) test? ( userpriv )" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +RDEPEND="${PYTHON_DEPS} + iptables? ( + net-firewall/iptables[ipv6(+)] + net-firewall/ebtables + net-firewall/ipset + nftables? ( net-firewall/nftables[xtables(+)] ) + ) + || ( >=sys-apps/openrc-0.11.5 sys-apps/systemd ) + $(python_gen_cond_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/pygobject:3[${PYTHON_USEDEP}] + gui? ( + x11-libs/gtk+:3 + dev-python/PyQt5[gui,widgets,${PYTHON_USEDEP}] + ) + nftables? ( >=net-firewall/nftables-0.9.4[python,json] ) + ')" +DEPEND="${RDEPEND} + dev-libs/glib:2" +BDEPEND="app-text/docbook-xml-dtd + >=dev-util/intltool-0.35 + sys-devel/gettext" + +# Testsuite's Makefile.am calls missing(!) +# ... but this seems to be consistent with the autoconf docs? 
+# Needs more investigation: https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/autom4te-Invocation.html +QA_AM_MAINTAINER_MODE=".*--run autom4te --language=autotest.*" + +PLOCALES="ar as ast bg bn_IN ca cs da de el en_GB en_US es et eu fa fi fr gl gu hi hr hu ia id it ja ka kn ko lt ml mr nl or pa pl pt pt_BR ru si sk sq sr sr@latin sv ta te tr uk zh_CN zh_TW" + +pkg_setup() { + # See bug #830132 for the huge list + # We can probably narrow it down a bit but it's rather fragile + local CONFIG_CHECK="~NF_CONNTRACK ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER + ~NETFILTER_ADVANCED + ~NETFILTER_INGRESS + ~NF_NAT_MASQUERADE + ~NF_NAT_REDIRECT + ~NF_TABLES_INET + ~NF_TABLES_IPV4 + ~NF_TABLES_IPV6 + ~NF_CONNTRACK + ~NF_CONNTRACK_BROADCAST + ~NF_CONNTRACK_NETBIOS_NS + ~NF_CONNTRACK_TFTP + ~NF_CT_NETLINK + ~NF_CT_NETLINK_HELPER + ~NF_DEFRAG_IPV4 + ~NF_DEFRAG_IPV6 + ~NF_NAT + ~NF_NAT_TFTP + ~NF_REJECT_IPV4 + ~NF_REJECT_IPV6 + ~NF_SOCKET_IPV4 + ~NF_SOCKET_IPV6 + ~NF_TABLES + ~NF_TPROXY_IPV4 + ~NF_TPROXY_IPV6 + ~IP_NF_FILTER + ~IP_NF_IPTABLES + ~IP_NF_MANGLE + ~IP_NF_NAT + ~IP_NF_RAW + ~IP_NF_SECURITY + ~IP_NF_TARGET_MASQUERADE + ~IP_NF_TARGET_REJECT + ~IP6_NF_FILTER + ~IP6_NF_IPTABLES + ~IP6_NF_MANGLE + ~IP6_NF_NAT + ~IP6_NF_RAW + ~IP6_NF_SECURITY + ~IP6_NF_TARGET_MASQUERADE + ~IP6_NF_TARGET_REJECT + ~IP_SET + ~NETFILTER_CONNCOUNT + ~NETFILTER_NETLINK + ~NETFILTER_NETLINK_OSF + ~NETFILTER_NETLINK_QUEUE + ~NETFILTER_SYNPROXY + ~NETFILTER_XTABLES + ~NETFILTER_XT_CONNMARK + ~NETFILTER_XT_MATCH_CONNTRACK + ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_STATE + ~NETFILTER_XT_NAT + ~NETFILTER_XT_TARGET_MASQUERADE + ~NFT_COMPAT + ~NFT_COUNTER + ~NFT_CT + ~NFT_FIB + ~NFT_FIB_INET + ~NFT_FIB_IPV4 + ~NFT_FIB_IPV6 + ~NFT_HASH + ~NFT_LIMIT + ~NFT_LOG + ~NFT_MASQ + ~NFT_NAT + ~NFT_OBJREF + ~NFT_QUEUE + ~NFT_QUOTA + ~NFT_REDIR + ~NFT_REJECT + ~NFT_REJECT_INET + ~NFT_REJECT_IPV4 + ~NFT_REJECT_IPV6 + ~NFT_SOCKET + ~NFT_SYNPROXY + ~NFT_TPROXY + ~NFT_TUNNEL + ~NFT_XFRM" 
+ + # kernel >= 4.19 has unified a NF_CONNTRACK module, bug #692944 + if kernel_is -lt 4 19; then + CONFIG_CHECK+=" ~NF_CONNTRACK_IPV4 ~NF_CONNTRACK_IPV6" + fi + + # bug #831259 + if kernel_is -le 5 4 ; then + CONFIG_CHECK+=" ~NF_TABLES_SET" + fi + + linux-info_pkg_setup +} + +src_prepare() { + default + + plocale_find_changes "po" "" ".po" || die + plocale_get_locales | sed -e 's/ /\n/g' > po/LINGUAS +} + +src_configure() { + python_setup + + local myeconfargs=( + --enable-systemd + $(use_with iptables iptables "${EPREFIX}/sbin/iptables") + $(use_with iptables iptables_restore "${EPREFIX}/sbin/iptables-restore") + $(use_with iptables ip6tables "${EPREFIX}/sbin/ip6tables") + $(use_with iptables ip6tables_restore "${EPREFIX}/sbin/ip6tables-restore") + $(use_with iptables ebtables "${EPREFIX}/sbin/ebtables") + $(use_with iptables ebtables_restore "${EPREFIX}/sbin/ebtables-restore") + $(use_with iptables ipset "${EPREFIX}/usr/sbin/ipset") + --with-systemd-unitdir="$(systemd_get_systemunitdir)" + --with-bashcompletiondir="$(get_bashcompdir)" + ) + + econf "${myeconfargs[@]}" +} + +src_install() { + default + python_optimize + + # Get rid of junk + rm -rf "${D}/etc/sysconfig/" || die + + # For non-gui installs we need to remove GUI bits + if ! use gui; then + rm -rf "${D}/etc/xdg/autostart" || die + rm -f "${D}/usr/bin/firewall-applet" || die + rm -f "${D}/usr/bin/firewall-config" || die + rm -rf "${D}/usr/share/applications" || die + rm -rf "${D}/usr/share/icons" || die + fi + + newinitd "${FILESDIR}"/firewalld.init firewalld + + # Our version drops the/an obsolete 'conflicts' line with old iptables services + # bug #833506 + systemd_dounit "${FILESDIR}"/firewalld.service +} + +pkg_preinst() { + gnome2_schemas_savelist +} + +pkg_postinst() { + xdg_icon_cache_update + gnome2_schemas_update + + # bug #833569 + optfeature "changing zones with NetworkManager" gnome-extra/nm-applet +} + +pkg_postrm() { + xdg_icon_cache_update + gnome2_schemas_update +} 
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index 95abe52aa2ab..8a65b6ac147a 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -16,5 +16,5 @@ AUX systemd/iptables-store.service 240 BLAKE2B 7ddb4425e63cd41f421767fab25a7b055 DIST iptables-1.8.7.tar.bz2 717862 BLAKE2B fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976 SHA512 c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75 DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 SHA512 f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59 EBUILD iptables-1.8.7-r2.ebuild 4561 BLAKE2B f0ce89cf5c49c7856f8702aad182b91abe99ce79b82c6e13194ca7a1499dd0fbe2112189e673aaedfbe0e40a030266e2b5d4bfa2d1b542b5ef744388af7d4dc7 SHA512 8f546a3ddef734f215cb0b9673cbd31b4be90a85ff99299c12f0a19cc053f56a095103e4d9c03d104542a0d978cbaff295074fca147db5f57a75d337fb5ca297 -EBUILD iptables-1.8.8-r3.ebuild 4623 BLAKE2B a68e56509dd33fba877c1ca913fef669bbfe6f09d3ef3d724f75660a60341dfbbf18b4fb76c66321fda757c4a32195370465364c5687c0af117d7ea5c50b6735 SHA512 620fea6d3bce4ea7180ace028f3bde22b84621902706c9424958a225a00ef1a24ed7a6ae1c2d0e8e83407b1373e8fa719846a0dbad3393e74005ef20d00e1587 +EBUILD iptables-1.8.8-r4.ebuild 4626 BLAKE2B 917e07995be4ee0dee6170e31f1aa359544a9b7bc81b90ddcc68b483ed47e2135044caf6c7290af61e600a5009c8456c730440a2245355c60b96af589211e9a8 SHA512 a9f72dd87127dca33e6b63757b3adb421837484fc8871c00c071a8d33292f7da6e0fd92aa3ec2dbad99e46347b0693d97e3cf2dfabfacff02f306d16f777754a MISC metadata.xml 1466 BLAKE2B 7378fedb44c6e6d19e508a764ec997911f966beccd40b1f93096ad3343b7cd72f9ca129e67a666c54ca4382348a448597bd607197ffe6b94669d84306c81d127 SHA512 f89038980e81bfceaf872ff1938c47e8ad12060bbe9ff48e0e9ca9dd5acc0196b2261d2b22a156cbfd7be89d1d67448969d39ff9b28efb0896702760afa14842 
diff --git a/net-firewall/iptables/iptables-1.8.8-r3.ebuild b/net-firewall/iptables/iptables-1.8.8-r3.ebuild
deleted file mode 100644
index b5f9b1e35cde..000000000000
--- a/net-firewall/iptables/iptables-1.8.8-r3.ebuild
+++ /dev/null
@@ -1,181 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript - -DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" -HOMEPAGE="https://www.netfilter.org/projects/iptables/" -SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2" - -LICENSE="GPL-2" -# Subslot reflects PV when libxtables and/or libip*tc was changed -# the last time. -SLOT="0/1.8.3" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" -IUSE="conntrack netlink nftables pcap static-libs" - -COMMON_DEPEND=" - conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 ) - netlink? ( net-libs/libnfnetlink ) - nftables? ( - >=net-libs/libmnl-1.0:= - >=net-libs/libnftnl-1.1.6:= - ) - pcap? ( net-libs/libpcap ) -" -DEPEND=" - ${COMMON_DEPEND} - virtual/os-headers - >=sys-kernel/linux-headers-4.4:0 -" -BDEPEND=" - virtual/pkgconfig - nftables? ( - sys-devel/flex - virtual/yacc - ) -" -RDEPEND=" - ${COMMON_DEPEND} - nftables? ( net-misc/ethertypes ) - !/dev/null; then - elog "Current iptables implementation is unset, setting to ${default_iptables}" - eselect iptables set "${default_iptables}" - fi - - if use nftables; then - local tables - for tables in {arp,eb}tables; do - if ! eselect ${tables} show &>/dev/null; then - elog "Current ${tables} implementation is unset, setting to ${default_iptables}" - eselect ${tables} set xtables-nft-multi - fi - done - fi - - eselect iptables show -} - -pkg_prerm() { - if [[ -z ${REPLACED_BY_VERSION} ]]; then - elog "Unsetting iptables symlinks before removal" - eselect iptables unset - fi - - if ! 
has_version 'net-firewall/ebtables'; then - elog "Unsetting ebtables symlinks before removal" - eselect ebtables unset - elif [[ -z ${REPLACED_BY_VERSION} ]]; then - elog "Resetting ebtables symlinks to ebtables-legacy" - eselect ebtables set ebtables-legacy - fi - - if ! has_version 'net-firewall/arptables'; then - elog "Unsetting arptables symlinks before removal" - eselect arptables unset - elif [[ -z ${REPLACED_BY_VERSION} ]]; then - elog "Resetting arptables symlinks to arptables-legacy" - eselect arptables set arptables-legacy - fi - - # The eselect module failing should not be fatal - return 0 -} diff --git a/net-firewall/iptables/iptables-1.8.8-r4.ebuild b/net-firewall/iptables/iptables-1.8.8-r4.ebuild new file mode 100644 index 000000000000..da1b4c528c4d --- /dev/null +++ b/net-firewall/iptables/iptables-1.8.8-r4.ebuild 
@@ -0,0 +1,181 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript + +DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools" +HOMEPAGE="https://www.netfilter.org/projects/iptables/" +SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2" + +LICENSE="GPL-2" +# Subslot reflects PV when libxtables and/or libip*tc was changed +# the last time. +SLOT="0/1.8.3" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="conntrack netlink nftables pcap static-libs" + +COMMON_DEPEND=" + conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 ) + netlink? ( net-libs/libnfnetlink ) + nftables? ( + >=net-libs/libmnl-1.0:= + >=net-libs/libnftnl-1.1.6:= + ) + pcap? ( net-libs/libpcap ) +" +DEPEND=" + ${COMMON_DEPEND} + virtual/os-headers + >=sys-kernel/linux-headers-4.4:0 +" +BDEPEND=" + virtual/pkgconfig + nftables? ( + sys-devel/flex + virtual/yacc + ) +" +RDEPEND=" + ${COMMON_DEPEND} + nftables? ( net-misc/ethertypes ) + !/dev/null; then + elog "Current iptables implementation is unset, setting to ${default_iptables}" + eselect iptables set "${default_iptables}" + fi + + if use nftables; then + local tables + for tables in {arp,eb}tables; do + if ! eselect ${tables} show &>/dev/null; then + elog "Current ${tables} implementation is unset, setting to ${default_iptables}" + eselect ${tables} set xtables-nft-multi + fi + done + fi + + eselect iptables show +} + +pkg_prerm() { + if [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Unsetting iptables symlinks before removal" + eselect iptables unset + fi + + if ! 
has_version 'net-firewall/ebtables'; then + elog "Unsetting ebtables symlinks before removal" + eselect ebtables unset + elif [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Resetting ebtables symlinks to ebtables-legacy" + eselect ebtables set ebtables-legacy + fi + + if ! has_version 'net-firewall/arptables'; then + elog "Unsetting arptables symlinks before removal" + eselect arptables unset + elif [[ -z ${REPLACED_BY_VERSION} ]]; then + elog "Resetting arptables symlinks to arptables-legacy" + eselect arptables set arptables-legacy + fi + + # The eselect module failing should not be fatal + return 0 +} diff --git a/net-firewall/nufw/Manifest b/net-firewall/nufw/Manifest index 8a4889e1a6f6..797f5e59ca2c 100644 --- a/net-firewall/nufw/Manifest +++ b/net-firewall/nufw/Manifest 
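Review bot: In the `for tables in {arp,eb}tables` loop near the end of the iptables-1.8.8-r4.ebuild hunk, the elog line reports `setting to ${default_iptables}` while the command that follows always runs `eselect ${tables} set xtables-nft-multi`. The assignment of `default_iptables` is not visible here (the start of this function is missing from the page), but if it can hold anything other than xtables-nft-multi the log tells the administrator the wrong backend for arptables and ebtables. I would make the message name what is actually selected, `elog "Current ${tables} implementation is unset, setting to xtables-nft-multi"`. `${tables}` is also unquoted in both eselect calls; harmless with the two literal values, but quoting it matches the `"${default_iptables}"` call above.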
@@ -5,5 +5,5 @@ AUX nufw-2.2.22-var-run.patch 1438 BLAKE2B 259d96d3a7386ac30f4ca7a88ecb0a4714b04 AUX nufw-conf.d 122 BLAKE2B 3263b28a9a783f35920a30cb022fe86b8a0fdc05b45c5a191e53c0b201ca38da9fe9eeda82866cf69dc760e0ff2fcd0264ee17f53f03a6077b63d9fcbd2dd1f0 SHA512 df48fc1843bf07e7ccfacd647caafc43752fdfa76da09a89d9ec0d76b79746c60c70f68c004c7e37899f195ae63adefc7d1c1b2c7b41da27911eb4cdc54212fb AUX nufw-init.d 273 BLAKE2B 00827d4cf93b484c6563b7bccc4020e9de0e8f2652eb29f9b1a64dfb4333b7e04b370f977a43a8f9af4b680d62e658a7779822c6671059e83a5ceea7f1872f5e SHA512 7f8b16532ae74b6aae8a9c7ef4a7509b66253f03a47c8ee521163a35db525e8c25b091289e10337307906a27e0aba558bd2a28dc0b91cbc09ce17ba78002d0e1 DIST nufw-2.2.22.tar.bz2 597491 BLAKE2B 4c3092aeaced237ceb9faa16cff275938de23cdca31d2d6f6406238a0fe75ad15468f91a80b1d6e0bfc6dac520b6331ee19a1d95a006d591b891b91aad6caa8b SHA512 cc9f43b9ebf6aabbab4c83799ca1735fc456c085959cfb24d17571302c71518660424195b2cc62ed615f811bd6b3c45e1b99db99138d1caa6a744370775acaee -EBUILD nufw-2.2.22-r4.ebuild 2698 BLAKE2B ae96e927c4ed8ee1eee39c7ebae6be660dac905c09c0dfc200be23efb220a996724e2620be0a861e23035be2ad91d22a12b72ba402ab0ea26714c02629671215 SHA512 bbac77d635a65aa988a597f4f9b9f4404ef4cf15e13cf0f484802b117c6af81bd0e44a5d8e6ce7a5356039a8741909a7589b163b6cf526eb5adba7e7805f8705 +EBUILD nufw-2.2.22-r4.ebuild 2698 BLAKE2B f399cc468ab34cbf150701531c82e8eecf4f0a38e32be3ba35b2849e731d32fdc43219d2fe82637102cc9a0ee81f470d62581b16a9674658c402622997511cc5 SHA512 c3b29e62f96875483943227b118fbbbf4532403d991807b47368f3e49768f92d674c8f95fd226bc3deb8f4929f2b8d27fdb54a2ea1e4d081eb6327cc5f59206a MISC metadata.xml 640 BLAKE2B c06edc5ba48c7b4447ff1c823f54dcea87f56a727a11d77c33e348a516d904a3d08cb2657090a8acfee0f985b45898c4469db865dec5ae5faa39738e4c7106c1 SHA512 0db8eb5af7d4b1fb42189b30b303314cdc0beedb7a85962f3539a446751e8f6d2c298bfc2e33d6bf806b2543e1ef0631b98c1f447cca42302845376324828fef 
diff --git a/net-firewall/nufw/nufw-2.2.22-r4.ebuild b/net-firewall/nufw/nufw-2.2.22-r4.ebuild
index 41edbb536323..2e174388eae4 100644
--- a/net-firewall/nufw/nufw-2.2.22-r4.ebuild
+++ b/net-firewall/nufw/nufw-2.2.22-r4.ebuild
@@ -20,7 +20,7 @@ DEPEND="
 dev-libs/cyrus-sasl
 dev-libs/glib:2
 dev-libs/libgcrypt:=
- dev-python/ipy
+ dev-python/IPy
 net-firewall/iptables
 net-libs/gnutls:=
 ldap? ( >=net-nds/openldap-2:= )
diff --git a/net-firewall/psad/Manifest b/net-firewall/psad/Manifest
index 8cd6f7e85a2a..a0b1ba81919e 100644
--- a/net-firewall/psad/Manifest
+++ b/net-firewall/psad/Manifest
@@ -1,4 +1,4 @@ AUX psad-2.2.4-var-run.patch 589 BLAKE2B 11c7095cc2eac066c44ae03d59787c92a7db095167f1e1b30c4e5f4931cdafbab6ddf092025e6cf885ce85d11763a429d02517ef8494eb9c9231c83d261aa687 SHA512 dfd46dc06ef1f5bacb1424dc3ef9df23c5dc28abe6c6b1ffcbf7720e1d134e983e581831e7ed04074592bd1865f3628c753b313b7df1f7fdf84d438e82c25464 DIST psad-2.4.6.tar.bz2 2548405 BLAKE2B 7479ce4496343ca988da4dbe82190053385f1a8fa2e190002545c63f2e36283bc84293d932ebe147c9078923fa9e0527b4265fffdb8e1fd99bfc5d9955f9f3cd SHA512 a5de29b9ca0108aa8c6a325b725145f408dc517aeee4654596c7a037762f495a78827c64fc2e9c4284bc8db65caf0321982ecaf02de6d73784c2038e1078f42d -EBUILD psad-2.4.6.ebuild 1925 BLAKE2B 20a8449109d8dafa7a2c649ccf6fc9e89be9b809eeb09f25a4c7effbc81c8aca9948751fd3a8fd210c497168597f2a3d5e09637007dffdc1282ae6f6d16f0e03 SHA512 1b4a4c607d848075cede65c6331a878dc1a755df98ef497ea0d470cf4fd4c8cad109c6ebbc9c4f99fe98130a38a01f20653c4cbe7bc8e90c66bbb312a85c5bd4 +EBUILD psad-2.4.6-r1.ebuild 1776 BLAKE2B 17642a5b7c18026fe5c958cb98e2f4c21deec88903ef2609dfbdf044fd2500d53c67661dd8e5596a508293ad8d0abb34651b53b06d96faba01bd8efd0ae82e6b SHA512 1e5f0991696675e1dec674c37510cec374262463817bb7b1f77c0f910f4807323d03f249d1dac2e216ff69592d0753f6581e1a34cbc23dce2375219b623119df MISC metadata.xml 277 BLAKE2B 57fc90092c4674e5c4dfe38b0d79c983990fce4e8208b70c2ebb218aebb6d2135537f927115f3a7b7eb8c1ddb596461c17e60acb3e6a11b289796f20f3c80a33 SHA512 5ac67e6beabab60f83ac521249c6d1f021988d522fc86ab12ec98fbaa9d47a50157c10c7b9a39554e66a02b141cdc6dc6669e5e7c9c02c8b36ad404aa790d619 diff --git a/net-firewall/psad/psad-2.4.6-r1.ebuild b/net-firewall/psad/psad-2.4.6-r1.ebuild new file mode 100644 index 000000000000..d9125b0b0558 --- /dev/null +++ b/net-firewall/psad/psad-2.4.6-r1.ebuild 
@@ -0,0 +1,90 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit perl-module toolchain-funcs + +DESCRIPTION="Port Scanning Attack Detection daemon" +HOMEPAGE="https://www.cipherdyne.org/psad/" +SRC_URI="https://www.cipherdyne.org/psad/download/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 ~arm64 ppc ~sparc x86" + +RDEPEND=" + dev-perl/Bit-Vector + dev-perl/Date-Calc + dev-perl/NetAddr-IP + dev-perl/Unix-Syslog + net-firewall/iptables + net-misc/whois + virtual/logger + virtual/mailx + virtual/perl-Storable" +BDEPEND="virtual/perl-ExtUtils-MakeMaker" + +PATCHES=( "${FILESDIR}"/${PN}-2.2.4-var-run.patch ) + +src_prepare() { + default + + sed -i \ + -e 's|/usr/bin/gcc|$(CC)|g' \ + -e 's|-O|$(CFLAGS) $(LDFLAGS)|g' \ + Makefile || die + # Fix up default paths + sed -i \ + -e "s:/usr/bin/whois_psad:/usr/bin/whois:g" \ + psad.conf || die +} + +src_configure() { + default + + local d + for d in IPTables-Parse IPTables-ChainMgr; do + cd "${S}"/deps/${d} || die + perl-module_src_configure + done +} + +src_compile() { + tc-export CC + default + + local d + for d in IPTables-Parse IPTables-ChainMgr; do + cd "${S}"/deps/${d} || die + perl-module_src_compile + done +} + +src_install() { + newbin misc/pscan psad-pscan + + dosbin kmsgsd psad psadwatchd + newsbin fwcheck_psad.pl fwcheck_psad + + insinto /etc/psad + doins \ + *.conf auto_dl icmp{,6}_types ip_options psad_* pf.os posf \ + protocols signatures + + newinitd init-scripts/psad-init.gentoo psad + + doman doc/*.8 + + dodoc doc/BENCHMARK CREDITS Change* doc/FW_EXAMPLE_RULES README \ + doc/README.SYSLOG doc/SCAN_LOG + + insinto /etc/psad/snort_rules + doins deps/snort_rules/* + + local d + for d in IPTables-Parse IPTables-ChainMgr; do + cd "${S}"/deps/${d} || die + perl-module_src_install + done +} 
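Review bot: The two `sed -i` calls in src_prepare cannot detect that they changed nothing, because sed exits 0 when no pattern matches, so `|| die` only covers I/O errors. If upstream's Makefile ever stops containing `/usr/bin/gcc` or `-O`, the C helpers would be built with the hard-coded compiler and without the user's CFLAGS/LDFLAGS, which is where hardening options normally come from, and the build would still succeed. The `-O` expression is also unanchored and rewrites every occurrence of that substring in the Makefile, which I cannot check against the file from this hunk. I would add a guard after the first sed, e.g. `grep -qF '$(CC)' Makefile || die "Makefile no longer matches the CC/CFLAGS substitution"`, and a comment stating which Makefile lines the `-O` pattern is meant to hit.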
diff --git a/net-firewall/psad/psad-2.4.6.ebuild b/net-firewall/psad/psad-2.4.6.ebuild deleted file mode 100644 index 7a4da9029e17..000000000000 --- a/net-firewall/psad/psad-2.4.6.ebuild +++ /dev/null 
@@ -1,93 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -#PERL_EXPORT_PHASE_FUNCTIONS=no -inherit perl-module toolchain-funcs - -DESCRIPTION="Port Scanning Attack Detection daemon" -SRC_URI="https://www.cipherdyne.org/psad/download/${P}.tar.bz2" -HOMEPAGE="https://www.cipherdyne.org/psad/" - -SLOT="0" -LICENSE="GPL-2" -KEYWORDS="~alpha amd64 ~arm64 ppc ~sparc x86" - -DEPEND="virtual/perl-ExtUtils-MakeMaker" -RDEPEND=" - dev-perl/Bit-Vector - dev-perl/Date-Calc - dev-perl/NetAddr-IP - dev-perl/Unix-Syslog - net-firewall/iptables - net-misc/whois - virtual/logger - virtual/mailx - virtual/perl-Storable -" -PATCHES=( - "${FILESDIR}"/${PN}-2.2.4-var-run.patch -) - -src_prepare() { - default - - sed -i \ - -e 's|/usr/bin/gcc|$(CC)|g' \ - -e 's|-O|$(CFLAGS) $(LDFLAGS)|g' \ - Makefile || die - # Fix up default paths - sed -i \ - -e "s:/usr/bin/whois_psad:/usr/bin/whois:g" \ - psad.conf || die -} - -src_configure() { - default - - local deps_subdir - for deps_subdir in IPTables-Parse IPTables-ChainMgr; do - cd "${S}"/deps/${deps_subdir} || die - SRC_PREP="no" perl-module_src_configure - done -} - -src_compile() { - tc-export CC - default - - local deps_subdir - for deps_subdir in IPTables-Parse IPTables-ChainMgr; do - cd "${S}"/deps/${deps_subdir} || die - perl-module_src_compile - done -} - -src_install() { - newbin misc/pscan psad-pscan - - insinto /usr - dosbin kmsgsd psad psadwatchd - newsbin fwcheck_psad.pl fwcheck_psad - - insinto /etc/psad - doins \ - *.conf auto_dl icmp{,6}_types ip_options psad_* pf.os posf \ - protocols signatures - - newinitd init-scripts/psad-init.gentoo psad - - doman doc/*.8 - - dodoc doc/BENCHMARK CREDITS Change* doc/FW_EXAMPLE_RULES README \ - doc/README.SYSLOG doc/SCAN_LOG - - insinto /etc/psad/snort_rules - doins deps/snort_rules/* - - local deps_subdir - for deps_subdir in IPTables-Parse IPTables-ChainMgr; do - cd "${S}"/deps/${deps_subdir} || die - 
perl-module_src_install - done -} diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest index 9db8da6bf533..1a62dacb3756 100644 --- a/net-firewall/ufw/Manifest +++ b/net-firewall/ufw/Manifest 
@@ -5,9 +5,14 @@ AUX ufw-0.36-bash-completion.patch 328 BLAKE2B 7f88afa8f4ccc12aba70dce1ca82e6992 AUX ufw-0.36-dont-check-iptables.patch 1592 BLAKE2B 7b8bb33a04a455fd05bf62b19ec35ff209eb54f7adc77a6296d4a5bbb80996ec11691e48b3ba1f4cffd11c53775545e537319852b0a9a3e27e4799d79c34a655 SHA512 a0c8c7331d46b917cec86763414ce2c70ef120bd069bd8ba67ef4ab2ab5212e7263f01d3d5072c7c8e4301ee36b280c8f464fc21cc19b3805c6d391437df0438 AUX ufw-0.36-move-path.patch 6985 BLAKE2B 1f5ed4b0265fb812acffd1bb756a60a2a1e31b013054c40dae532966fd42449ba7bdde644c181a2f6e0c20103d9ef37a0400d217f7ec843bc10e3528b95eb8bc SHA512 228ed40f800b8ed4bbc217df9478c1c0be5eb1ec154abd2d3a3cd6c92902632f07ef70c3ca3f2478bfe501735a0f6f0b7fa8d8f4991fdaead4332e4c65bad0c9 AUX ufw-0.36-shebang.patch 714 BLAKE2B adfbc135b1ec2e51a6df59c7caf4b081568eb77fc2b4c3518e4cb875aa75cc51122f09557c1bcaea9a06ca18891c897a3bba546027a9e1a2998c342948713676 SHA512 de3750d2e4361315e43df0ee4ed3da90631d66b148e8b93fabf3607d7d3dae9dca53f60edd94c1dc0315435c1a6c5d05816873782fc310ad15b347b2ba743612 +AUX ufw-0.36.1-dont-check-iptables.patch 1956 BLAKE2B 1afb02e74e4855a93a6145756bf4ef2b3f4f457bc5af0844d9b4788f8e01d3fc2e3b9f27fbba8ab5316dd51f0e995632173b5dd5553a17e25f17d95e318317c2 SHA512 6b8f9f09d07a402aaf671a7d2ae899d4deb67fac5525f5733ed5e67b517d108df3d7037151f953dc0e5614997a5a44b32fd5c8746dcea57c5f264ae625d71554 +AUX ufw-0.36.1-move-path.patch 4880 BLAKE2B 544dc08b6bb806929f049db4f9aa70dff35526ff0602bdb19ff4d5a8d3c0e19a46e62a617cd52c1bfd9a7300a48642e84478b924ba28f0e9183305486a002a6f SHA512 8b3710f3c0b8ca6a05db1dd74e84088b12fe9556a75da7fb7211788cdd24c3157251b4a82973d21c787b05bc81a27940c2d5fffd56d541334cdbd2e99c532019 +AUX ufw-0.36.1-shebang.patch 713 BLAKE2B ad34303c58fd76f47d4ce550c1669c09cbbf9c00cfa986000d79cefbd44319f37b33b2b4090bf4551c9f6c2f961e7e9a3a628a8209fb6c43b8c7741406ff0b9f SHA512 ebf73b60b15292cd35c11262fe488294b229e60acaca81487d70bb2817c080f22d6813f1d8a9edc601fd9d2da141474a6da8dc7195fc99db7f664c7db1848457 AUX ufw-2.initd 2611 BLAKE2B 
b6a75e023ad0efeeef168e7e074c716ec66f40d3bde9f99cf1a02e63800b4a42c3ff7d35fe9503e51859f98cdf500db4c1900a9436f642c0af7350c9d1256692 SHA512 f6cb7f6f7713d6f2c78c0b0254f385701f28b997931007997f0702af0dcd0d1b1bf08617dbb3abd21219c23a63ec3286e019896253ff7e9bdbb218a5bb17dd80 AUX ufw.confd 219 BLAKE2B 8ed5dec5dd9acc84715918240e31398268ff36f73bb2cfc10e64e0593e59cc7f5b988f8545ddea37f19d9b40e870d743bea66edd7da1e3d2753b6edda8afa352 SHA512 a010532c97b9cf83f1fb5fa707228e0542a8b109c76e5942aaf2d6552c63e033d32e39e5a6ac87cb9e2ed4c3fdbc5d03c75127e6378665e592b143bc1eda52c7 AUX ufw.service 329 BLAKE2B e817fc85b3bdb21b47a3089c6f2204292a019eaeae510832530f0e09f8784a312dd636fa3cf90610bb3159d52b4bdaadf803699ac4bff31576b566a3e977b2d2 SHA512 a365e704ca958c83c86f8a6b1623ce3f9ad72dcfb0cfc7758bfc787e0877f897ccf8b200db83df17130ca5dcc54f938178b8cabfe3ee0c0896c814ee7d2439c7 +DIST ufw-0.36.1.tar.gz 583123 BLAKE2B 16e1ee67493d5db10a04667b646a019aa3aeb06345d0facc334fb07eeff4d4f6674a4699b2bd7bd6ed29de1c05c4e14812e9e8ec55c4bfb8579b8e3e2e577f6a SHA512 77d01fef661083eac041be6d6eabffb1d8aedb215f73e44e18a9a63a48da96414b3c0166e3ffd9402c22c72a6de5d774ba14b15368b02997aae8e08d1c5dd4c0 DIST ufw-0.36.tar.gz 580338 BLAKE2B a7e07ac11539061a69bb83d45c0affc54793503b31c9e9f9f8b34fa890a3fe97682f9133102e74e5f6e1eb372a929cfc8619baa2cc9efc1dc289d9f4a1766efd SHA512 b32d7f79f43c203149c48b090ee0d063df78fcf654344ee11066a7363e799a62b046758ffe02b8bd15121545ac2a6b61df21fe56f8b810319fe4dd562cbdadb3 EBUILD ufw-0.36-r1.ebuild 6211 BLAKE2B 0a952ba2fba9a0819c0858942d27484ff472dc7a1fbcfa9568b985c58d637ba7ea948c1ba774767e693cc6f9d965fcee8ba24669213fa0dec534d9ea19d79de4 SHA512 a82ceab9449eca80c7b3805abe84c022880e0e2516f03330e58031240127af53dbde5a4ac0b6d9bb6b659b5cdb6685866e40b50493c5d4f3fac136ab5194cd94 -MISC metadata.xml 922 BLAKE2B 0c91f6735dd5504990a134e76089fac6f83aeb8f02e62be3a0e66c82d71c8013867b196c952d769247f2ab30786b753114361c066a0b892f79b342491370aedf SHA512 
592b21153b57e3ccbd66bde46e4d2ff0768f1c678bc9154e8dd9a728f5f6ca13f71f9349381dba9667e6ed5ae30f38f5d95378d665475694cf9b49edde549a23 +EBUILD ufw-0.36.1.ebuild 6143 BLAKE2B 05b84414f1543b3a40eb9f3224fd33f55a10cd6bff4fef9ce8a780c937ffa6c68bc9de9499674b5204ff8e6d6b83d7a254bcb9e515d42acf2bf801d0cb069bd1 SHA512 cf5a5ae8312382b30ebc2dee663f53aecb51dde0fa329c39e69ee7c4c0926d4403365e4be1ac53091cc28f9f533015cb4b84b04dc9fcd6ec7ffe945a69690404 +MISC metadata.xml 686 BLAKE2B 6d415e2295cf7facf8908aab2fbd7d4150d24595c9eb30ccf7f105ff2263cd7dc6c393dc8ad8303b264d76be37bb11da3ce4d4b666c0648e974b7585e9e7e452 SHA512 c1dee02a7458095069243337abb01a66dc132de15a51114cc1b39778f02b3a05d28a869cfa8cef55cf8701bb7f872232b63d432c1c5e45d71d90fa6099f74dd5 diff --git a/net-firewall/ufw/files/ufw-0.36.1-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-0.36.1-dont-check-iptables.patch new file mode 100644 index 000000000000..ae0c95525a46 --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.36.1-dont-check-iptables.patch 
@@ -0,0 +1,50 @@ +--- a/setup.py 2022-06-27 17:33:18.043794598 +0300 ++++ b/setup.py 2022-06-27 18:15:18.384463926 +0300 +@@ -256,46 +256,7 @@ + os.unlink(os.path.join('staging', 'ufw-init')) + os.unlink(os.path.join('staging', 'ufw-init-functions')) + +-iptables_exe = '' +-iptables_dir = '' +- +-for e in ['iptables']: +- # Historically iptables was in /sbin, then later also symlinked from +- # /usr/sbin/iptables to /sbin/iptables. Debian bullseye moves iptables +- # to /usr/sbin with no symlink in /sbin except on upgrades. To accomodate +- # buildds that may still have the old iptables, search /usr/sbin first +- for dir in ['/usr/sbin', '/sbin', '/usr/bin', '/bin', '/usr/local/sbin', \ +- '/usr/local/bin']: +- if e == "iptables": +- if os.path.exists(os.path.join(dir, e)): +- iptables_dir = dir +- iptables_exe = os.path.join(iptables_dir, "iptables") +- print("Found '%s'" % iptables_exe) +- else: +- continue +- +- if iptables_exe != "": +- break +- +- +-if iptables_exe == '': +- print("ERROR: could not find required binary 'iptables'", file=sys.stderr) +- sys.exit(1) +- +-for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']: +- if not os.path.exists(os.path.join(iptables_dir, e)): +- print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr) +- sys.exit(1) +- +-(rc, out) = cmd([iptables_exe, '-V']) +-if rc != 0: +- raise OSError(errno.ENOENT, "Could not find version for '%s'" % \ +- (iptables_exe)) +-version = re.sub('^v', '', re.split('\s', str(out))[1]) +-print("Found '%s' version '%s'" % (iptables_exe, version)) +-if version < "1.4": +- print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr) +- ++iptables_dir = '/sbin' + setup (name='ufw', + version=ufw_version, + description='front-end for Linux firewalling', diff --git a/net-firewall/ufw/files/ufw-0.36.1-move-path.patch b/net-firewall/ufw/files/ufw-0.36.1-move-path.patch new file mode 100644 index 000000000000..8ace1edc1166 
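Review bot: `iptables_dir = '/sbin'` replaces the whole probe, including the check that `ip6tables`, `iptables-restore` and `ip6tables-restore` exist, and nothing in the patch records why `/sbin` is the right directory. If `iptables_dir` is what ufw later uses to locate the binaries (its use is outside this hunk), a system whose iptables lives elsewhere, or a Prefix install, would build cleanly and only fail when the firewall is started. Add a patch header or a comment such as `# Gentoo: binaries come from RDEPEND net-firewall/iptables, assumed in /sbin`, and consider passing the directory in from the ebuild instead of using a literal.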
--- /dev/null +++ b/net-firewall/ufw/files/ufw-0.36.1-move-path.patch 
@@ -0,0 +1,124 @@ +--- a/doc/ufw-framework.8 2021-09-19 04:19:03.000000000 +0300 ++++ b/doc/ufw-framework.8 2022-06-27 17:14:11.292890569 +0300 +@@ -18,7 +18,7 @@ + parameters and configuration of IPv6. The framework consists of the following + files: + .TP +-#STATE_PREFIX#/ufw\-init ++#SHARE_DIR#/ufw\-init + initialization script + .TP + #CONFIG_PREFIX#/ufw/before.init +@@ -47,7 +47,7 @@ + + .SH "BOOT INITIALIZATION" + .PP +-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a ++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a + standard SysV style initscript used by the \fBufw\fR command and should not be + modified. The #CONFIG_PREFIX#/before.init and #CONFIG_PREFIX#/after.init + scripts may be used to perform any additional firewall configuration that is +--- a/setup.py 2021-09-19 04:19:01.000000000 +0300 ++++ b/setup.py 2022-06-27 17:33:18.043794598 +0300 +@@ -54,7 +54,7 @@ + return + + real_confdir = os.path.join('/etc') +- real_statedir = os.path.join('/lib', 'ufw') ++ real_statedir = os.path.join('/etc', 'ufw', 'user') + real_prefix = self.prefix + if self.home != None: + real_confdir = self.home + real_confdir +@@ -131,14 +131,20 @@ + self.copy_file('doc/ufw.8', manpage) + self.copy_file('doc/ufw-framework.8', manpage_f) + +- # Install state files and helper scripts ++ # Install state files + statedir = real_statedir + if self.root != None: + statedir = self.root + real_statedir + self.mkpath(statedir) + +- init_helper = os.path.join(statedir, 'ufw-init') +- init_helper_functions = os.path.join(statedir, 'ufw-init-functions') ++ # Install helper scripts ++ sharedir = real_sharedir ++ if self.root != None: ++ sharedir = self.root + real_sharedir ++ self.mkpath(sharedir) ++ ++ init_helper = os.path.join(sharedir, 'ufw-init') ++ init_helper_functions = os.path.join(sharedir, 'ufw-init-functions') + self.copy_file('src/ufw-init', init_helper) + self.copy_file('src/ufw-init-functions', init_helper_functions) + 
+@@ -219,14 +225,19 @@ + f]) + + subprocess.call(["sed", ++ "-i", ++ "s%#SHARE_DIR#%" + real_sharedir + "%g", ++ f]) ++ ++ subprocess.call(["sed", + "-i", + "s%#VERSION#%" + ufw_version + "%g", + f]) + + # Install pristine copies of rules files +- sharedir = real_sharedir +- if self.root != None: +- sharedir = self.root + real_sharedir ++ #sharedir = real_sharedir ++ #if self.root != None: ++ # sharedir = self.root + real_sharedir + rulesdir = os.path.join(sharedir, 'iptables') + self.mkpath(rulesdir) + for f in [ before_rules, after_rules, \ +--- a/src/backend_iptables.py 2021-09-19 04:19:01.000000000 +0300 ++++ b/src/backend_iptables.py 2022-06-27 17:44:24.880445896 +0300 +@@ -37,6 +37,8 @@ + + files = {} + config_dir = _findpath(ufw.common.config_dir, datadir) ++ state_dir = _findpath(ufw.common.state_dir, datadir) ++ share_dir = _findpath(ufw.common.share_dir, datadir) + + files['rules'] = os.path.join(config_dir, 'ufw/user.rules') + files['before_rules'] = os.path.join(config_dir, 'ufw/before.rules') +@@ -48,8 +50,7 @@ + # the lock files (ufw.common.state_dir, aka /lib/ufw), but when set, + # ufw-init is in rootdir/lib/ufw (ro) and the lockfiles in + # datadir/lib/ufw (rw) +- files['init'] = os.path.join(_findpath(ufw.common.state_dir, rootdir), +- 'ufw-init') ++ files['init'] = os.path.join(share_dir, 'ufw-init') + + ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files, + rootdir=rootdir, datadir=datadir) +--- a/src/ufw-init 2021-09-19 03:50:19.000000000 +0300 ++++ b/src/ufw-init 2022-06-27 17:48:34.352545026 +0300 +@@ -31,10 +31,10 @@ + fi + export DATA_DIR="$datadir" + +-if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then +- . "${rootdir}#STATE_PREFIX#/ufw-init-functions" ++if [ -s "${rootdir}#SHARE_DIR#/ufw-init-functions" ]; then ++ . 
"${rootdir}#SHARE_DIR#/ufw-init-functions" + else +- echo "Could not find ${rootdir}#STATE_PREFIX#/ufw-init-functions (aborting)" ++ echo "Could not find ${rootdir}#SHARE_DIR#/ufw-init-functions (aborting)" + exit 1 + fi + +@@ -83,7 +83,7 @@ + fi + ;; + *) +- echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}" ++ echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}" + exit 1 + ;; + esac diff --git a/net-firewall/ufw/files/ufw-0.36.1-shebang.patch b/net-firewall/ufw/files/ufw-0.36.1-shebang.patch new file mode 100644 index 000000000000..aaafaac12ae9 --- /dev/null +++ b/net-firewall/ufw/files/ufw-0.36.1-shebang.patch @@ -0,0 +1,15 @@ +--- a/setup.py 2019-03-21 01:51:55.751971770 +0300 ++++ b/setup.py 2019-03-21 01:54:40.142513567 +0300 +@@ -121,12 +121,6 @@ + for f in [ script, manpage, manpage_f ]: + self.mkpath(os.path.dirname(f)) + +- # update the interpreter to that of the one the user specified for setup +- print("Updating staging/ufw to use %s" % (sys.executable)) +- subprocess.call(["sed", +- "-i", +- "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g", +- 'staging/ufw']) + self.copy_file('staging/ufw', script) + self.copy_file('doc/ufw.8', manpage) + self.copy_file('doc/ufw-framework.8', manpage_f) diff --git a/net-firewall/ufw/metadata.xml b/net-firewall/ufw/metadata.xml index 86dda81d4cfd..234912f37f36 100644 --- a/net-firewall/ufw/metadata.xml +++ b/net-firewall/ufw/metadata.xml @@ -1,14 +1,7 @@ - - hasan.calisir@psauxit.com - Hasan ÇALIŞIR - - - proxy-maint@gentoo.org - Proxy Maintainers - + Example ufw config files IPv6 support for iptables diff --git a/net-firewall/ufw/ufw-0.36.1.ebuild b/net-firewall/ufw/ufw-0.36.1.ebuild new file mode 100644 index 000000000000..a4d9ce8191ff --- /dev/null +++ b/net-firewall/ufw/ufw-0.36.1.ebuild 
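Review bot: In the `src/backend_iptables.py` part of the move-path patch, `files['init']` is now built from `share_dir`, which is resolved with `_findpath(ufw.common.share_dir, datadir)`, while the line it replaces resolved the helper against `rootdir`. The comment left just above still says ufw-init lives under rootdir (read-only) and only the lock files under datadir (read-write), so with a separate data directory the init helper that ufw runs would be looked up in the writable tree. If that reading of `_findpath` is right (its body is not in the hunk), resolve it as `share_dir = _findpath(ufw.common.share_dir, rootdir)` and update the comment to name the share directory. The added `state_dir` assignment also looks unused in the visible lines.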
@@ -0,0 +1,217 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{8..11} ) +DISTUTILS_IN_SOURCE_BUILD=1 +DISTUTILS_USE_SETUPTOOLS=no + +inherit bash-completion-r1 distutils-r1 linux-info systemd + +DESCRIPTION="A program used to manage a netfilter firewall" +HOMEPAGE="https://launchpad.net/ufw" +SRC_URI="https://launchpad.net/ufw/${PV%.*}/${PV}/+download/${P}.tar.gz" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" +IUSE="examples ipv6" + +RDEPEND="net-firewall/iptables[ipv6(+)?]" +BDEPEND="sys-devel/gettext" + +PATCHES=( + # Move files away from /lib/ufw. + "${FILESDIR}/${P}-move-path.patch" + # Remove unnecessary build time dependency on net-firewall/iptables. + "${FILESDIR}/${P}-dont-check-iptables.patch" + # Remove shebang modification. + "${FILESDIR}/${P}-shebang.patch" + # Fix bash completions, bug #526300 + "${FILESDIR}/${PN}-0.36-bash-completion.patch" +) + +pkg_pretend() { + local CONFIG_CHECK="~PROC_FS + ~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL + ~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT + ~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE" + + if kernel_is -ge 2 6 39; then + CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE" + else + CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE" + fi + + # https://bugs.launchpad.net/ufw/+bug/1076050 + if kernel_is -ge 3 4; then + CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG" + else + CONFIG_CHECK+=" ~IP_NF_TARGET_LOG" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG" + fi + + CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT" + use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT" + + check_extra_config + + # Check for default, useful optional features. + if ! linux_config_exists; then + ewarn "Cannot determine configuration of your kernel." 
+ return + fi + + local nf_nat_ftp_ok="yes" + local nf_conntrack_ftp_ok="yes" + local nf_conntrack_netbios_ns_ok="yes" + + linux_chkconfig_present \ + NF_NAT_FTP || nf_nat_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no" + linux_chkconfig_present \ + NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no" + + # This is better than an essay for each unset option... + if [[ "${nf_nat_ftp_ok}" == "no" ]] || \ + [[ "${nf_conntrack_ftp_ok}" == "no" ]] || \ + [[ "${nf_conntrack_netbios_ns_ok}" == "no" ]]; then + echo + local mod_msg="Kernel options listed below are not set. They are not" + mod_msg+=" mandatory, but they are often useful." + mod_msg+=" If you don't need some of them, please remove relevant" + mod_msg+=" module name(s) from IPT_MODULES in" + mod_msg+=" '${EROOT}/etc/default/ufw' before (re)starting ufw." + mod_msg+=" Otherwise ufw may fail to start!" + ewarn "${mod_msg}" + if [[ "${nf_nat_ftp_ok}" == "no" ]]; then + ewarn "NF_NAT_FTP: for better support for active mode FTP." + fi + if [[ "${nf_conntrack_ftp_ok}" == "no" ]]; then + ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP." + fi + if [[ "${nf_conntrack_netbios_ns_ok}" == "no" ]]; then + ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support." + fi + fi +} + +python_prepare_all() { + # Set as enabled by default. User can enable or disable + # the service by adding or removing it to/from a runlevel. + sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \ + || die "sed failed (ufw.conf)" + + sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die + + # If LINGUAS is set install selected translations only. + if [[ -n ${LINGUAS+set} ]]; then + _EMPTY_LOCALE_LIST="yes" + pushd locales/po > /dev/null || die + + local lang + for lang in *.po; do + if ! 
has "${lang%.po}" ${LINGUAS}; then + rm "${lang}" || die + else + _EMPTY_LOCALE_LIST="no" + fi + done + + popd > /dev/null || die + else + _EMPTY_LOCALE_LIST="no" + fi + + distutils-r1_python_prepare_all +} + +python_install_all() { + newconfd "${FILESDIR}"/ufw.confd ufw + newinitd "${FILESDIR}"/ufw-2.initd ufw + systemd_dounit "${FILESDIR}/ufw.service" + + pushd "${ED}" || die + chmod -R 0644 etc/ufw/*.rules || die + popd || die + + exeinto /usr/share/${PN} + doexe tests/check-requirements + + # users normally would want it + insinto "/usr/share/doc/${PF}/logging/syslog-ng" + doins -r "${FILESDIR}"/syslog-ng/* + + insinto "/usr/share/doc/${PF}/logging/rsyslog" + doins -r "${FILESDIR}"/rsyslog/* + doins doc/rsyslog.example + + if use examples; then + insinto "/usr/share/doc/${PF}/examples" + doins -r examples/* + fi + newbashcomp shell-completion/bash "${PN}" + + [[ $_EMPTY_LOCALE_LIST != "yes" ]] && domo locales/mo/*.mo + + distutils-r1_python_install_all + python_replicate_script "${D}/usr/sbin/ufw" +} + +pkg_postinst() { + local print_check_req_warn + print_check_req_warn=false + + local found=() + local apps=( "net-firewall/arno-iptables-firewall" + "net-firewall/ferm" + "net-firewall/firehol" + "net-firewall/firewalld" + "net-firewall/ipkungfu" ) + + for exe in "${apps[@]}" + do + if has_version "${exe}"; then + found+=( "${exe}" ) + fi + done + + if [[ -n ${found} ]]; then + echo "" + ewarn "WARNING: Detected other firewall applications:" + ewarn "${found[@]}" + ewarn "If enabled, these applications may interfere with ufw!" + fi + + if [[ -z "${REPLACING_VERSIONS}" ]]; then + echo "" + elog "To enable ufw, add it to boot sequence and activate it:" + elog "-- # rc-update add ufw boot" + elog "-- # /etc/init.d/ufw start" + echo + elog "If you want to keep ufw logs in a separate file, take a look at" + elog "/usr/share/doc/${PF}/logging." 
+ print_check_req_warn=true + else + local rv + for rv in "${REPLACING_VERSIONS}"; do + local major=${rv%%.*} + local minor=${rv#${major}.} + if [[ "${major}" -eq 0 && "${minor}" -lt 34 ]]; then + print_check_req_warn=true + fi + done + fi + if [[ "${print_check_req_warn}" == "true" ]]; then + echo + elog "/usr/share/ufw/check-requirements script is installed." + elog "It is useful for debugging problems with ufw. However one" + elog "should keep in mind that the script assumes IPv6 is enabled" + elog "on kernel and net-firewall/iptables, and fails when it's not." + fi + echo + ewarn "Note: once enabled, ufw blocks also incoming SSH connections by" + ewarn "default. See README, Remote Management section for more information." +} -- cgit v1.2.3
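Review bot: The upgrade check in pkg_postinst loops over `"${REPLACING_VERSIONS}"` in quotes, so a list of several replaced versions is handled as one string, and `minor` keeps everything after the first dot. For a replaced version such as `0.36.1` that gives `36.1`, which `[[ ... -lt 34 ]]` cannot evaluate as an integer, so a re-install prints a bash error instead of a clean result. Iterate unquoted and let the package manager do the comparison: `for rv in ${REPLACING_VERSIONS}; do` and `if ver_test "${rv}" -lt 0.34; then`, which makes `major` and `minor` unnecessary.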